Vulnerability Exposure Policy

This policy applies to all products and services offered by SCB TechX, as well as to any third-party components or dependencies that are integrated or used by SCB TechX’s products and services. This policy covers any potential vulnerabilities and errors that may affect the confidentiality, integrity, availability, functionality, or performance of SCB TechX’s products and services, or that may pose a risk to SCB TechX’s customers, partners, employees or other stakeholders. This policy does not apply to any issues that are not related to SCB TechX’s products and services, such as phishing, social engineering, physical security, or denial-of-service attacks.

SCB TechX welcomes and encourages reports from anyone who identifies a potential vulnerability or error in SCB TechX’s products and services, including but not limited to customers, partners, employees, researchers, academics, or ethical hackers. SCB TechX values the contributions of the external security research community and will reward them for any new and valid vulnerability reports that help improve SCB TechX’s security posture, in accordance with SCBX Group’s Bug Bounty Program guidelines and terms and conditions.

The safety and security of our customers’ data, and the reliability of our products and services, are of utmost importance to SCB TechX. Therefore, we aim to design and make products and services with the highest levels of security and reliability. Despite our best efforts, due to the highly complex and sophisticated nature of our products and services, vulnerabilities and errors may still be present in our products and services.

This policy describes SCB TechX’s approach to requesting and receiving reports related to potential vulnerabilities and errors in its products and services.

Customers, users, researchers, partners and any other person that interacts with SCB TechX’s products and services are encouraged to report identified vulnerabilities and errors by using the form present on the Vulnerability Disclosure Policy platform.

SCB TechX highly appreciates the efforts made by the reporting party in identifying the vulnerability or error. This will contribute to improving the security and reliability of our products and services.

Please note that supplying your contact information with your report is entirely voluntary and at your discretion. You can be assured that SCB TechX will only use such information to clarify the details of your report with you, if necessary.

By making a report to SCB TechX using the form on the Vulnerability Exposure Policy platform, or otherwise communicating a report to SCB TechX regarding vulnerabilities and errors, you agree to the following terms:

SCB TechX may use your report for any purpose deemed relevant by SCB TechX, including without limitation, for the purpose of correcting any vulnerabilities and errors that are reported and that SCB TechX deems to exist and to require correction. To the extent that you propose any changes and/or improvements to a SCB TechX product or service in your report, you assign to SCB TechX all use and ownership rights to such proposals.

You warrant and confirm to SCB TechX that

• You have not exploited or used in any manner, and will not exploit or use in any manner (other than for the purposes of reporting to SCB TechX), the discovered vulnerabilities and/or errors;
• You have not engaged, and will not engage, in testing/research of systems with the intention of harming SCB TechX, its customers, employees, partners or suppliers;
• You have not used, misused, deleted, altered or destroyed, and will not use, misuse, delete, alter or destroy, any data that you have accessed or may be able to access, and have destroyed all the data that you may have extracted from SCB TechX in relation to the vulnerability and/or error discovered;
• You have not conducted, and will not conduct, social engineering, spamming, phishing, denial-of-service or resource-exhaustion attacks and have not and will not disrupt, compromise, or otherwise damage data, products, services or property owned by other parties. This includes attacking any devices or accounts other than your own (or those for which you have explicit, written permission from their owners);
• You have not tested, and will not test, the physical security of any property or building of SCB TechX;
• You have not breached, and will not breach, any applicable laws in connection with your report and your interaction with SCB TechX product or service that lead to your report;
• You agree not to disclose to any third party any information related to your report, the vulnerabilities and/or errors reported, nor the fact that vulnerabilities and/or errors have been reported to SCB TechX;
• SCB TechX does not guarantee that you will receive any response from SCB TechX related to your report. SCB TechX will only contact you regarding your report if SCB TechX deems it necessary;
• You agree that you are making your report without any expectation or requirement of reward or other benefit, financial or otherwise, for making such report, and without any expectation or requirement that the vulnerabilities and/or errors reported are corrected by SCB TechX;
• SCB TechX is committed to maintaining an open and transparent approach to vulnerability disclosure and welcomes feedback and suggestions for improvement from all stakeholders.

Use and Management of cookies

We use cookies and other similar technologies on our website to enhance your browsing experience. For more information, please visit our Cookies Policy.

Your consent required

If you want to message us, please give your consent to SCB TechX to collect, use, and/or disclose your personal data.

| The withdrawal of consent

If you want to withdraw your consent to the collection, use, and/or disclosure of your personal data, please send us your request.


Message sent

We have receive your message and We will get back to you shortly.